Dan Lanciani wrote:
> There is a huge difference between requiring a /48 and allowing anything
> greater than /8. The former ...
> while the latter means that you can bypass the black hole with 2 or 4
> route additions.

Of course you can bypass it. But remember that your bypass is only useful if all intermediate routers have ALSO agreed to the bypass, and that the BGP routers by default ignore updates to local prefixes. So yes, it's trivial to modify your system so that the next router in the chain discards the packet instead.

More usefully, you can redirect particular known routes to VPNs or other directly connected networks and still have the gateway router drop other (unknown) local packets.

BTW - would it be better for the router to send 'reject' packets rather than just blackhole? This should allow applications sending 'bad' local packets to time out more quickly?

--
Andrew White

--------------------------------------------------------------------
IETF IPng Working Group Mailing List
IPng Home Page: http://playground.sun.com/ipng
FTP archive: ftp://playground.sun.com/pub/ipng
Direct all administrative requests to [EMAIL PROTECTED]
--------------------------------------------------------------------
